US8505080B2ActiveUtilityA1
Method for generating cross-site scripting attack
Est. expiryAug 26, 2031(~5.1 yrs left)· nominal 20-yr term from priority
H04L 63/1433H04L 63/1466
58
PatentIndex Score
2
Cited by
6
References
7
Claims
Abstract
A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method for generating a cross-site scripting attack, applicable to an electronic device, comprising:
receiving a number of attack string samples, wherein each attack string sample includes a number of string words;
analyzing the attack string samples respectively to obtain a number of first token sequences, wherein each first token sequence includes a number of tokens, and each token corresponds to at least one of the string words;
generating a number of cross-site scripting attack strings according to the string words corresponding to the tokens and the first token sequences, comprising:
establishing a structure model according to the first token sequences;
generating a number of second token sequences by using the tokens according to the structure model; and
substituting the string words corresponding to the tokens into the second token sequences to generate the cross-site scripting attack strings; and
outputting the cross-site scripting attack strings.
2. The method for generating a cross-site scripting attack according to claim 1 , wherein the step of analyzing the attack string samples respectively to obtain the first token sequences comprises:
analyzing the attack string samples to obtain the first token sequences based on a cross-site scripting language syntax corresponding to the string words.
3. The method for generating a cross-site scripting attack according to claim 1 , wherein the second token sequences are randomly generated according to the structure model.
4. The method for generating a cross-site scripting attack according to claim 1 , wherein the structure model is established according to the Bayes' theorem, Markov Chain (MC) or Hidden Markov Model (HMM).
5. The method for generating a cross-site scripting attack according to claim 1 , wherein the structure model is represented by a directed graph to decide an order of the tokens in the second token sequences.
6. The method for generating a cross-site scripting attack according to claim 1 , wherein the structure model is converted through probability and automata technologies.
7. The method for generating a cross-site scripting attack according to claim 1 , wherein the string words corresponding to the tokens are obtained through random substitution into the second token sequences according to cross-site scripting language syntax.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.